WHAT IS CLAIMED IS: 

1. An information processing method of controlling 
access to computer resource (s) managed by an operating 
system, such as a file, network, storage device, display 
5 screen, or external device, comprising: 

a trap step of trapping an operation request from 
a process or operating system for the computer resource 
before access to the computer resource; 

a determination step of determining whether an 
10 access right for the computer resource designated by the 
operation request trapped in the trap step is present; 

a processing step of, if it is determined in the 
determination step that the access right is present, 
transferring the operation request to the operating 
15 system and returning a result from the operating system 
to the request source process; and 

a denial step of denying the operation request if 
it is determined in the determination step that no 
access right is present . 



20 



2. 



The method according to claim 1, wherein in the 



trap step, the operation request from the process or 
operating system for the computer resource is further 
trapped before access to the computer resource. 



3. 



The method according to claim 1, wherein in the 



25 determination step, it is determined whether the access 
right is present by looking up an access right 
management table containing resource designation 
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information that designates a specific computer resource 
condition information under which the access right is 
validated, and access right information that designates 
an access right that is extended but not defined in an 
existing environment. 

4. The method according to claim 1, wherein in the 
determination step, it is determined whether the access 
right is present by looking up access right information 
that is described in the computer resource to designate 
an access right that is extended but not defined in an 
existing environment . 

5. The method according to claim 1, wherein in the 
determination step, it is determined whether the access 
right is present by determining whether the access right 
can be acquired. 

6. The method according to claim 3 or 4, wherein the 
access right information contains information that 
designates at least one of a right to move to another 
medium, a right to copy to another medium, a right to 
print, a right to write to a shared memory, a right to 
capture a screen, and a right to restrict use processes. 

7. The method according to claim 1, wherein in the 
denial step, an access denial error message is returned 
to the request source process without any access to the 
requested computer resource . 

8. The method according to claim 1, wherein in the 
denial step, a successful access message is returned to 
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the request source process without any access to the 
requested computer resource. 

9. The method according to claim 1, wherein in the 
denial step, the operation request is converted into an 
operation request for a dummy computer resource and 
transferred to the operating system, and a result from 
the operating system is returned to the request source 
process . 

10. An information processing apparatus for 
controlling access to computer resource (s) managed by an 
operating system, such as a file, network, storage 
device, display screen, or external device, comprising: 

trap means for trapping an operation request from 
a process or operating system for the computer resource 
before access to the computer resource; 

determination means for determining whether an 
access right for the computer resource designated by the 
operation request trapped by said trap means is present; 

processing means for, if it is determined by said 
determination means that the access right is present, 
transferring the operation request to the operating 
system and returning a result from the operating system 
to the request source process; and 

denial means for denying the operation request if 
it is determined by said determination means that no 
access right is present. 

11. The apparatus according to claim 10, wherein said 
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trap means further traps the operation request from the 
process or operating system for the computer resource 
before access to the computer resource. 

12. The apparatus according to claim 10, wherein said 
determination means determines whether the access right 
is present by looking up an access right management 
table containing resource designation information that 
designates a specific computer resource, condition 
information under which the access right is validated, 
and access right information that designates an access 
right that is extended but not defined in an existing 
environment . 

13. The apparatus according to claim 10, wherein said 
determination means determines whether the access right 
is present by looking up access right information that 
is described in the computer resource to designate an 
access right that is extended but not defined in an 
existing environment . 

14. The apparatus according to claim 10, wherein said 
determination means determines whether the access right 
is present by determining whether the access right can 
be acquired. 

15. The apparatus according to claim 12 or 13, wherein 
the access right information contains information that 
designates at least one of a right to move to another 
medium, a right to copy to another medium, a right to 
print, a right to write to a shared memory, a right to 
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capture a screen, and a right to restrict use processes. 

16. The apparatus according to claim 10, wherein said 
denial means returns an access denial error message to 
the request source process without any access to the 
requested computer resource. 

17. The apparatus according to claim 10, wherein said 
denial means returns a successful access message to the 
request source process without any access to the 
requested computer resource. 

18. The apparatus according to claim 10, wherein said 
denial means converts the operation request into an 
operation request for a dummy computer resource, 
transfers the operation request to the operating system, 
and returns a result from the operating system to the 
request source process. 

19. A storage medium which stores program codes for 
controlling access to computer resource (s) such as a 
file, network, storage device, display screen, or 
external device, comprising: 

a program code of a trap step of trapping an 
operation request from a process or operating system foj 
the computer resource before access to the computer 
resource; 

a program code of a determination step of 
determining whether an access right for the computer 
resource designated by the operation request trapped in 
the trap step is present; 
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a program code of a processing step of, if it is 
determined in the determination step that the access 
right is present, transferring the operation request to 
the operating system and returning a result from the 
operating system to the request source process; and 

a program code of a denial step of denying the 
operation request if it is determined in the 
determination step that no access right is present. 

20. The medium according to claim 19, wherein in the 
trap step, the operation request from the process or 
operating system for the computer resource is further 
trapped before access to the computer resource. 

21. The medium according to claim 19, wherein in the 
determination step, it is determined whether the access 
right is present by looking up an access right 
management table containing resource designation 
information that designates a specific computer resource, 
condition information under which the access right is 
validated, and access right information that designates 
an access right that is extended but not defined in an 
existing environment . 

22. The medium according to claim 19, wherein in the 
determination step, it is determined whether the access 
right is present by looking up access right information 
that is described in the computer resource to designate 
an access right that is extended but not defined in an 
existing environment . 
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23. The medium according to claim 19, wherein in the 
determination step, it is determined whether the access 
right is present by determining whether the access right 
can be acquired. 

24. The medium according to claim 21 or 22, wherein 
the access right information contains information that 
designates at least one of a right to move to another 
medium, a right to copy to another medium, a right to 
print, a right to write to a shared memory, a right to 
capture a screen, and a right to restrict use processes. 

25. The medium according to claim 19, wherein in the 
denial step, an access denial error message is returned 
to the request source process without any access to the 
requested computer resource. 

26. The medium according to claim 19, wherein in the 
denial step, a successful access message is returned to 
the request source process without any access to the 
requested computer resource. 

27. The medium according to claim 19, wherein in the 
denial step, the operation request is converted into an 
operation request for a dummy computer resource and 
transferred to the operating system, and a result from 
the operating system is returned to the request source 
process . 

28. A program for causing a computer to control access 
to computer resource (s) such as a file, network, storage 
device, display screen, or external device, comprising: 
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a program code of a trap step of trapping an 
operation request from a process or operating system for 
the computer resource before access to the computer 
resource; 

5 a program code of a determination step of 

determining whether an access right for the computer 
resource designated by the operation request trapped in 
the trap step is present; 

a program code of a processing step of, if it is 
10 determined in the determination step that the access 

right is present, transferring the operation request to 
the operating system and returning a result from the 
operating system to the request source process; and 
a program code of a denial step of denying the 
15 operation request if it is determined in the 

determination step that no access right is present. 

29. The program according to claim 28, wherein in the 
trap step, the operation request from the process or 
operating system for the computer resource is further 

20 trapped before access to the computer resource. 

30. The program according to claim 28, wherein if it 
is determined in the determination step that no access 
right is present, and access is denied in the denial 
step, an access right is permitted by charging. 

25 31. The program according to claim 28, wherein the 
computer resource includes contents of a Web cast, 
digital broadcasting, and music distribution. 
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32. An information processing system constituted by 
connecting first and second terminals through a 
communication network, wherein 

the first terminal comprises: 

trap means for trapping an operation request from 
a process or operating system for computer resource (s) 
in the second terminal before access to the computer 
resource, and 

the second terminal comprises: 

determination means for determining whether an 
access right for the computer resource designated by the 
operation request trapped by said trap means is present; 

processing means for, if it is determined by said 
determination means that the access right is present, 
transferring the operation request to the operating 
system in the first terminal and returning a result from 
the operating system to the request source process; and 

denial means for denying the operation request if 
it is determined by said determination means that no 
access right is present. 

33. A control method for an information processing 
system constituted by connecting first and second 
terminals through a communication network, comprising: 

a trap step of, in the first terminal, trapping an 
operation request from a process or operating system for 
computer resource (s) in the second terminal before 
access to the computer resource; 
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a determination step of determining, in the second 
terminal , whether an access right for the computer 
resource designated by the operation request trapped in 
the trap step is present; 

a processing step of, if it is determined in the 
determination step that the access right is present , 
transferring the operation request to the operating 
system in the first terminal and returning a result from 
the operating system to the request source process; and 

a denial step of denying the operation request if 
it is determined in the determination step that no 
access right is present. 

34. A storage medium which stores program codes of 
control for an information processing system constituted 
by connecting first and second terminals through a 
communication network, comprising: 

a program code of a trap step of, in the first 
terminal, trapping an operation request from a process 
or operating system for computer resource (s) in the 
second terminal before access to the computer resource; 

a program code of a determination step of 
determining, in the second terminal, whether an access 
right for the computer resource designated by the 
operation request trapped in the trap step is present; 

a program code of a processing step of, if it is 
determined in the determination step that the access 
right is present, transferring the operation request to 
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the operating system in the first terminal and returning 
a result from the operating system to the request source 
process; and 

a program code of a denial step of denying the 
operation request if it is determined in the 
determination step that no access right is present. 
35. A program which causes a computer to control an 
information processing system constituted by connecting 
first and second terminals through a communication 
network, comprising : 

a program code of a trap step of, in the first 
terminal, trapping an operation request from a process 
or operating system for computer resource (s) in the 
second terminal before access to the computer resource; 

a program code of a determination step of 
determining, in the second terminal, whether an access 
right for the computer resource designated by the 
operation request trapped in the trap step is present; 

a program code of a processing step of, if it is 
determined in the determination step that the access 
right is present, transferring the operation request to 
the operating system in the first terminal and returning 
a result from the operating system to the request source 
process; and 

a program code of a denial step of denying the 
operation request if it is determined in the 
determination step that no access right is present- 



36. An information processing apparatus connected to 
another terminal through a communication network, 
comprising: 

trap means for trapping an operation request from 
a process or operating system for computer resource (s) 
in the other terminal before access to the computer 
resource; and 

reception means for receiving a reply to the 
operation request . 

37. An information processing apparatus connected to 
another terminal through a communication network, 
comprising : 

determination means for determining whether an 
access right is present for computer resource (s) in the 
information processing apparatus, which is designated by 
an operation request for the computer resource trapped 
by the other terminal before access to the computer 
resource; 

processing means for, if it is determined by said 
determination means that the access right is present, 
transferring the operation request to an operating 
system in the other terminal and returning a result to a 
request source process; and 

denial means for denying the operation request if 
it is determined by said determination means that no 
access right is present. 

38. An information processing method for an 
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information processing apparatus connected to another 
terminal through a communication network, comprising: 

a trap step of trapping an operation request from 
a process or operating system for computer resource (s) 
in the other terminal before access to the computer 
resource; and 

a reception step of receiving a reply to the 
operation request . 

39. An information processing method for an 
information processing apparatus connected to another 
terminal through a communication network, comprising: 

a determination step of determining whether an 
access right is present for computer resource (s) in the 
information processing apparatus, which is designated by 
an operation request for the computer resource trapped 
by the other terminal before access to the computer 
resource; 

a processing step of, if it is determined in the 
determination step that the access right is present, 
transferring the operation request to an operating 
system in the other terminal and returning a result from 
the operating system to a request source process; and 

a denial step of denying the operation request if 
it is determined in the determination step that no 
access right is present. 

40. A storage medium which stores program codes of 
information processing of an information processing 
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apparatus connected to another terminal through a 
communication network, comprising: 

a program code of a trap step of trapping an 
operation request from a process or operating system for 
computer resource (s) in the other terminal before access 
to the computer resource; and 

a program code of a reception step of receiving a 
reply to the operation request. 

41* A storage medium which stores program codes of 
information processing of an information processing 
apparatus connected to another terminal through a 
communication network, comprising: 

a program code of a determination step of 
determining whether an access right is present for 
computer resource (s) in the information processing 
apparatus, which is designated by an operation request 
for the computer resource trapped by the other terminal 
before access to the computer resource; 

a program code of a processing step of, if it is 
determined in the determination step that the access 
right is present, transferring the operation request to 
an operating system in the other terminal and returning 
a result from the operating system to a request source 

process; and 

a program code of a denial step of denying the 
operation request if it is determined in the 
determination step that no access right is present. 
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42. A program which causes a computer to execute 
information processing of an information processing 
apparatus connected to another terminal through a 
communication network, comprising: 

a program code of a trap step of trapping an 
operation request from a process or operating system for 
computer resource (s) in the other terminal before access 
to the computer resource; and 

a program code of a reception step of receiving a 
reply to the operation request. 

43. A program which causes a computer to execute 
information processing of an information processing 
apparatus connected to another terminal through a 
communication network, comprising: 

a program code of a determination step of 
determining whether an access right is present for 
computer resource (s) in the information processing 
apparatus, which is designated by an operation request 
for the computer resource trapped by the other terminal 
before access to the computer resource; 

a program code of a processing step of, if it is 
determined in the determination step that the access 
right is present, transferring the operation request to 
an operating system in the other terminal and returning 
a result from the operating system to a request source 
process; and 

a program code of a denial step of denying the 
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operation request if it is determined in the 
determination step that no access right is present. 

44. An information processing apparatus for converting 
digital information to restrict operations, comprising: 

storage means for reading and storing the digital 
information; 

first adding means for adding restricting 
attribute information to the digital information, 
wherein the restricting attribute information defines 
contents of operation restriction on the digital 
information; 

second adding means for adding to a restricting 
program to the digital information, wherein the 
restricting program for monitoring and controlling 
operation (s) on the digital information; and 

output means for outputting the digital 
information to which the restricting attribute 
information and restricting program are added by said 
first and second adding means altogether as data having 
an executable format. 

45. An information processing apparatus using data 
having an executable format, comprising: 

activation means for activating the data having 
the executable format, which contains digital 
information to which restricting attribute information 
that defines contents of operation restriction on the 
digital information and a restricting program for 
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monitoring and controlling operation (s) on the digital 
information are added; 

read means for reading a restricting routine 
section for monitoring and controlling the operation (s) 
on the digital information from the restricting program 
and activating the restricting routine sections- 
acquisition means for acquiring a target 
application to operate the digital information from the 
restricting attribute information; 

application activation means for activating the 
application acquired by said acquisition means; 

determination means for determining whether the 
application has been successfully activated by said 
application activation means; 

end means for ending activation of the data having 
the executable format when it is determined by said 
determination means that the activation of the 
application has failed; 

operation means for decoding the digital 
information into a state operable from the application 
when it is determined by said determination means that 
the application has been successfully activated; and 

processing means for transferring the decoded 
digital information to the activated application. 
46. The apparatus according to claim 45, wherein when 
the restricting attribute information contains no 
application information that specifies the target 
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application, said application activation means 
automatically recognizes the application to be activated 

47. The apparatus according to claim 45, further 
comprising 

first delete means for deleting the decoded 
digital information when the activated application has 
released the decoded digital information, and 

second delete means for ending and deleting the 
activated restricting routine section when the activated 
application is ended. 

48. An information processing method of converting 
digital information to restrict operations, comprising: 

a storage step of reading and storing the digital 

information; 

a first adding step of adding restricting 
attribute information to the digital information, 
wherein the restricting attribute information defines 
contents of operation restriction on the digital 
information; 

a second adding step of adding a restricting 
program to the digital information, wherein the 
restricting program for monitoring and controlling 
operation (s) on the digital information; and 

an output step of outputting the digital 
information to which the restricting attribute 
information and restricting program are added in the 
first and second adding steps altogether as data having 
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an executable format . 

49. An information processing method using data having 
an executable format, comprising: 

an activation step of activating the data having 
the executable format; 

a read step of reading a restricting routine 
section for monitoring and controlling operation (s) on 
digital information from a restricting program and 
activating the restricting routine section; 

an acquisition step of acquiring a target 
application to operate the digital information from 
restricting attribute information; 

an application activation step of activating the 
application acquired in the acquisition step; 

a determination step of determining whether the 
application has been successfully activated in the 
application activation step; 

an end step of ending activation of the data 
having the executable format when it is determined in 
the determination step that the activation of the 

application has failed; 

an operation step of decoding the original digital 
information into a state operable from the application 
when it is determined in the determination step that the 
application has been successfully activated; and 

a processing step of transferring the decoded 
digital information to the activated application. 

- 119 - 



50. The method according to claim 49, wherein in the 
application activation step, when the restricting 
attribute information contains no application 
information that specifies the target application, the 
application to be activated is automatically recognized. 

51. The method according to claim 49, further 
comprising 

a first step of deleting the decoded digital 
information when the activated application has released 
the decoded digital information, and 

a second delete step of ending and deleting the 
activated restricting routine section when the activated 
application is ended. 

52. An information processing system constituted by 
connecting first and second terminals through a 
communication network, wherein 

the first terminal comprises: 

storage means for reading and storing digital 
information; 

first adding means for adding restricting 
attribute information to the digital information, 
wherein the restricting attribute information defines 
contents of operation restriction on the digital 
information; 

second adding means for adding a restricting 
program to the digital information, wherein the 
restricting program for monitoring and controlling 
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operation (s) on the digital information; 

output means for outputting the digital 
information to which the restricting attribute 
information and restricting program are added by said 
first and second adding means altogether as data having 
an executable format; and 

transmission means for transmitting the data 
having the executable format to the second terminal, and 

the second terminal comprises: 

reception means for receiving the data having the 

executable format from the first terminal; 

activation means for activating the data having 

the executable format; 

read means for reading a restricting routine 

section for monitoring and controlling the operation (s) 

on the digital information from the restricting program 

and activating the restricting routine sections- 
acquisition means for acquiring a target 

application to operate the digital information from the 

restricting attribute informations- 
application activation means for activating the 

application acquired by said acquisition means; 

determination means for determining whether the 

application has been successfully activated by said 

application activation means; 

end means for ending activation of the data having 

the executable format when it is determined by said 
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determination means that the activation of the 
application has failed; 

operation means for decoding the digital 
information into a state operable from the application 
when it is determined by said determination means that 
the application has been successfully activated; and 

processing means for transferring the decoded 
digital information to the activated application. 
53. A program which causes a computer to execute 
information processing of converting digital information 
to restrict operations, comprising: 

a program code of a storage step of reading and 
storing the digital information; 

a program code of a first adding step of adding 
restricting attribute information to the digital 
information, wherein the restricting attribute 
information defines contents of operation restriction on 
the digital information; 

a program code of a second adding step of adding a 
restricting program to the digital information, wherein 
the restricting program for monitoring and controlling 
operation (s) on the digital information; and 

a program code of an output step of outputting the 
digital information to which the restricting attribute 
information and restricting program are added in the 
first and second adding steps altogether as data having 
an executable format. 
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54. A program which causes a computer to execute 
information processing using data having an executable 
format, comprising : 

a program code of an activation step of activating 
the data having the executable format, which contains 
digital information to which restricting attribute 
information that defines contents of operation 
restriction on the digital information and a restricting 
program for monitoring and controlling operation (s) on 
the digital information are added; 

a program code of a read step of reading a 
restricting routine section for monitoring and 
controlling operation (s) on digital information from a 
restricting program and activating the restricting 

routine section; 

a program code of an acquisition step of acquiring 
a target application to operate the digital information 
from restricting attribute information; 

a program code of an application activation step 
of activating the application acquired in the 

acquisition step; 

a program code of a determination step of 
determining whether the application has been 
successfully activated in the application activation 
step; 

a program code of an end step of ending activation 
of the data having the executable format when it is 



determined in the determination step that the activation 
of the application has failed; 

a program code of an operation step of decoding 
the digital information into a state operable from the 
application when it is determined in the determination 
step that the application has been successfully 

activated; and 

a program code of a processing step of 
transferring the decoded digital information to the 
activated application. 

55. The program according to claim 54, wherein in the 
application activation step, when the restricting 
attribute information contains no application 
information that specifies the target application, the 
application to be activated is automatically recognized. 

56. The program according to claim 54, further 
comprising 

a program code of a first step of deleting the 
decoded digital information when the activated 
application has released the decoded digital information, 

and 

a program code of a second delete step of ending 
and deleting the activated restricting routine section 
when the activated application is ended. 
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